Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw-Skill-Creator
v1.0.1
Create new skills, modify and improve existing skills, and measure skill performance. Use when users want to create a skill from scratch, edit, or optimize a...
⭐ 0 · 63 · 0 current · 0 all-time
by Nawachat Muannak (@nattsukun)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (high confidence)
Purpose & Capability
The skill's stated purpose (create/iterate/benchmark skills) matches the included scripts (packaging, validating, running evals, improving descriptions). However, several scripts (notably improve_description.py and others referenced in SKILL.md) call the 'claude' CLI and expect an Anthropic/Claude environment. The registry metadata declares no required binaries, env vars, or config paths, so the dependency on an external CLI/service and the use of session credentials is undeclared and therefore incoherent with the published metadata.
Instruction Scope
SKILL.md explicitly instructs running evals and using the bundled scripts (eval viewer, improve_description, run_eval, etc.). The included scripts build prompts containing full SKILL.md content and send them via a subprocessed 'claude' CLI call — meaning skill content, test prompts, and evaluation data are transmitted to external Claude services. The instructions therefore direct potentially sensitive project data and test cases to an external endpoint, despite no mention of this in the skill metadata.
Install Mechanism
There is no install spec (instruction-only), which reduces automatic install risk. However, the package contains multiple Python scripts that, when executed, spawn subprocesses and perform network calls. The absence of a documented dependency list (Python version, required packages, and the 'claude' CLI) is a mismatch: running these scripts may fail silently or perform unexpected external calls if the assumed environment exists.
Credentials
The manifest lists no required environment variables or primary credential, but scripts rely on the presence of an authenticated 'claude' CLI session and inherit environment credentials (they manipulate os.environ and pass the environment to subprocesses). The CHANGELOG included in the package explicitly warns that scripts use the user's Anthropic/Claude session credentials and create .claude temporary files. Requesting or using external service credentials without declaring them is disproportionate and a notable security/privacy risk.
Persistence & Privilege
The skill is not marked always:true and is user-invocable (normal), but included materials and the CHANGELOG indicate the scripts create temporary files under .claude/commands in the project root and may modify the project directory. Writing outside the skill folder (to a per-user .claude directory or other config) is an unexpected side effect that was not declared in the metadata or SKILL.md.
What to consider before installing
This package looks like a legitimate skill-creation toolkit but it has undeclared, high-impact behaviors: several scripts call the local 'claude' CLI and will transmit skill content, prompts, and evaluation data to external Claude/Anthropic services using whatever session credentials are present. The package also may write temporary files outside the skill folder (e.g., ~/.claude or .claude/commands). Before installing or running anything:
- Inspect the code first (read the Python scripts mentioned: run_eval.py, improve_description.py, run_loop.py). Look for subprocess calls and network operations.
- Do not run these scripts with your real credentials. If you must test, run them in an isolated VM/container with networking disabled or with a mocked 'claude' binary that does not forward data.
- Backup or isolate your workspace (especially any existing .claude directory) before running.
- Prefer the packaged alternative mentioned in CHANGELOG (skill-creator-guide) if you want a documentation-only, OpenClaw-native option.
- Ask the publisher/maintainer to update registry metadata to explicitly list required binaries (claude CLI), Python/runtime dependencies, exact file-system side effects, and an option to run in offline/dry-run mode. If those changes are made (and an offline/mock mode is provided), the risk assessment could move toward benign; until then treat this skill as suspicious.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97agk6fqaf0vqgxhh3ec7ye6h83rw2v
